Rutland Northeast SU

PowerSchool Cybersecurity Incident

Update - January 30, 2025

We have confirmation that the 800 number is now active for anyone affected by the PowerSchool incident. Anyone seeking information about the incident or seeking to obtain credit monitoring and identity protection from PowerSchool can now call 833-918-9464. The line is available Monday-Friday, 9AM-9PM ET (excluding holidays).

Additionally, PowerSchool's notification page for this incident is now up:

https://www.powerschool.com/security/sis-incident/notice-of-united-states-data-breach/

In the coming weeks, Experian (on behalf of PowerSchool) will also be distributing direct email notifications to individuals for whom they have sufficient contact information. This email notice will include additional information about what data was compromised for the individual contacted, as well as, the resources PowerSchool is offering.

Regardless of whether an individual’s Social Security Number was compromised, PowerSchool is offering two years of complimentary identity protection services for all current and former students and educators whose information was determined to be involved. They are also offering two years of complimentary credit monitoring services for all adult students and educators whose information was determined to be involved.

Update - January 24, 2025

Over the past few weeks, PowerSchool has been focused on assessing the scope of the data involved, enhancing their cybersecurity defenses, and developing a plan to address the incident effectively.

And although we are still waiting on the official report on the incident form their security partner, CrowdStrike, they have shared updates on several key next steps:

Identity Protection and Credit Monitoring Services

• Complimentary Services for All Affected Individuals: PowerSchool has partnered with Experian, a trusted credit reporting agency, to provide complimentary identity protection and credit monitoring services to all students and educators whose information from the PowerSchool SIS was involved, regardless of whether their Social Security number was exfiltrated.

• Identity Protection: Two years of complimentary identity protection services will be offered to all affected students and educators.

• Credit Monitoring: Two years of complimentary credit monitoring services will be provided for all affected adult students and educators.

Notifications
Individuals and State Agencies: PowerSchool will begin notifying affected individuals and relevant state attorney general offices in the coming weeks.

• Community Outreach: PowerSchool will coordinate with Experian to send notifications on their behalf to students (or their parents/guardians if the student is under 18) and educators, as applicable. The notification will include details about the identity protection and credit monitoring services being offered. Additionally, a dedicated call center will be available to address questions from the community.

• Regulatory Notifications: Vermont State Attorney General: PowerSchool will provide notification to the Vermont state attorney general's office regarding the incident.

We are committed to keeping our community informed throughout this process and will share any additional updates as they become available.

Update - January 16, 2025

Please see the resource links below for additional information and advice for those imapcted by the PowerSchool data breach.

Identity Theft and Information on the PowerSchool Data Security Breach

How To Protect Your Child From Identity Theft

Update - January 13, 2025

While updates from PowerSchool are still forthcoming, we strongly encourage teachers, parents, and former students to take proactive steps to protect their personal information. We are still awaiting details on mitigation services PowerSchool may provide, such as credit monitoring or identity theft restoration.

Although PowerSchool is required to perform notification to individuals impacted, we have had no word from them in that regard. As a result, we are continuing notifications using the best information we have available. Notifications to individuals will be via email in most instances. If you are a parent, staff member or adult student please ensure psinfo@rnesu.org is allowed through your spam protection.

Below, we’ve outlined several recommended actions based on guidance from security experts.

Steps for All Affected Individuals

1. Notify Financial Institutions:

• Contact your bank and credit card providers to alert them. Request that they flag your accounts for suspicious activity.

2. Update Passwords:

• If you reuse passwords, update them immediately. Use strong, unique passwords and avoid simple modifications (e.g., adding "2025" or symbols). Consider a password manager for secure storage.

Steps for Parents of Minor Children

1. Check for a Credit Report in Your Child’s Name

• Children under 18 typically should not have a credit report. The Consumer Financial Protection Bureau offers guidance for checking and disputing fraudulent reports.

  • https://www.consumerfinance.gov/

2. Consider Placing a Fraud Alert

• A fraud alert requires creditors to verify identity before issuing credit. Parents may need to provide their child’s SSN and proof of identity to request this.

Steps for Teachers

1. Place a Security Freeze on Your Credit Reports

• A security freeze prevents unauthorized accounts from being opened in your name. Visit the websites of the three major credit bureaus for more information:

  • Experian - https://www.experian.com/

  • TransUnion - https://www.transunion.com/

  • Equifax - https://www.equifax.com/

Original Notification - January 10, 2025

We are reaching out to inform you about a recent cybersecurity incident involving PowerSchool, the software vendor for our Student Information System (SIS).

On January 7, 2025, PowerSchool notified our leadership team of unauthorized access to certain customer data. Unfortunately, this incident has impacted data belonging to RNESU families and educators, as well as data from hundreds of other school districts across the United States and Canada.

According to PowerSchool, the compromised data primarily includes contact information, such as names and addresses, for parents, students, and staff. For some individuals, personally identifiable information (PII), such as Social Security Numbers (SSNs) or medical information, may have been accessed. PowerSchool is working urgently to determine whether PII related to RNESU students was included.

While PowerSchool continues their investigation, our technical team has been conducting its own review. Based on the information we have so far, we will begin contacting individuals we believe are reasonably likely to have been affected. Once PowerSchool provides confirmation, we will continue reaching out to individuals directly.

We want to assure you that protecting our community’s information is a top priority. PowerSchool has indicated that they will provide resources, such as credit monitoring or identity protection services, for those affected. We will share these resources with you as soon as they become available.

We understand this situation may cause concern, and we are committed to keeping you informed every step of the way. Thank you for your patience and understanding as we work diligently to resolve this matter.

For more specific questions or concerns, families and staff can reach out via email to psinfo@rnesu.org.